>On netbook platforms (Eeepc 901; "Aspire One + Omiz Bluetooth dongle"), when using
>bluez, such as pairing, l2ping and rfcomm, the kernel crashes easily.
>I am using kernel 2.6.29.
>I caught the crash message:
>BUG: spinlock bad magic on CPU#0, swapper/0
>Bug: unable to handle kernel paging request at 00646733

I have done some research on the issue and found that in hci_event.c, in hci_disconn_complete_evt(), after hci_conn_del_sysfs(conn) the contents of conn may be modified, such as conn->idle_timer, conn->disc_timer and conn->list, which leads to a crash of the kernel when hci_conn_del(conn) runs.

I worked out a patch to run hci_conn_del_sysfs after hci_conn_del and found that the issue can be fixed.

Can someone tell me whether the patch is OK, and the root cause of the issue?

Thanks! :)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index f91ba69..1999ac1 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -1009,10 +1009,9 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff if (conn) { conn->state = BT_CLOSED; - hci_conn_del_sysfs(conn); - hci_proto_disconn_ind(conn, ev->reason); hci_conn_del(conn); + hci_conn_del_sysfs(conn); } hci_dev_unlock(hdev);
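
Review bot: in the `if (conn)` block the new order hands conn to hci_conn_del_sysfs() after hci_conn_del(conn) has already run, and nothing in the hunk shows what keeps conn valid across that call, so the reorder may only move the lifetime problem from one call to the other. The changelog should say which of the two calls can release or modify conn (the report names conn->idle_timer, conn->disc_timer and conn->list) and why the new order is safe, rather than relying on the crash no longer reproducing. If the sysfs teardown is what invalidates conn, consider holding a reference across both calls, or doing the sysfs removal from inside hci_conn_del() so that every caller gets the same order and not only hci_disconn_complete_evt(). The patch also has no description or Signed-off-by line, both of which are needed before it can be applied.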